
1) Throw a box in your DMZ.
2) Add firewall ACLs that don't allow internal hosts to hit it.
3) Add firewall ACLs that don't allow external hosts to hit it.
4) Now, add *any* program you like that can see port scan activity. There are hundreds that I can think of other than snort that are free. Hell, you can even use a sniffer for this if you're really hard up.

Done.

Now, when Mr. leet haxor breaks into one of your other hosts in the DMZ, what do you think the first thing he will do if he doesn't have knowledge of your network layout? Yep. Scan for other targets. In doing so he has just announced to you that he has compromised your network and you get to reel him in. Many a dead haxor hangs on my shelf using this simple yet effective technique.

--TH13

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
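The decoy-host idea from TH13's post above, as an added example that is not part of the original thread: a small detector run over connection records seen at the decoy. The log format, addresses, window and threshold are all assumptions made for this sketch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DECOY_IP = "192.0.2.50"          # constructed: the decoy box in the DMZ
WINDOW = timedelta(seconds=60)   # assumed sliding window
PORT_THRESHOLD = 5               # assumed: distinct ports that count as a scan

# Constructed sample records in a hypothetical "time src dst dport" format.
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.0.2.10 192.0.2.50 21
2024-01-01T10:00:01 192.0.2.10 192.0.2.50 22
2024-01-01T10:00:02 192.0.2.10 192.0.2.50 23
2024-01-01T10:00:03 192.0.2.10 192.0.2.50 25
2024-01-01T10:00:04 192.0.2.10 192.0.2.50 80
2024-01-01T10:00:05 192.0.2.10 192.0.2.50 443
2024-01-01T10:00:06 192.0.2.20 192.0.2.10 443
2024-01-01T10:05:00 192.0.2.30 192.0.2.50 22
2024-01-01T11:00:00 192.0.2.40 192.0.2.50 21
2024-01-01T11:02:00 192.0.2.40 192.0.2.50 22
2024-01-01T11:04:00 192.0.2.40 192.0.2.50 23
2024-01-01T11:06:00 192.0.2.40 192.0.2.50 25
2024-01-01T11:08:00 192.0.2.40 192.0.2.50 80
"""

def detect(log_text, decoy=DECOY_IP):
    """Return {src: "scan" | "contact"} for every host that touched the decoy."""
    hits = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, dst, dport = line.split()
        if dst == decoy:
            hits[src].append((datetime.fromisoformat(ts), int(dport)))
    verdicts = {}
    for src, events in hits.items():
        events.sort()
        # The ACLs leave no legitimate reason to reach the decoy, so even one
        # connection is alert-worthy; "scan" marks a burst across many ports.
        verdicts[src] = "contact"
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= PORT_THRESHOLD:
                verdicts[src] = "scan"
                break
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(detect(SAMPLE_LOG).items()):
        print(f"ALERT {verdict:8s} {src} -> {DECOY_IP}")
```

The slow source (192.0.2.40) stays below the burst threshold but is still reported as a contact, which is the point of a host that nothing should ever talk to.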

Decent tutorial on building a Fedora Core 3 system, installing MySQL, Snort, BASE, et al. to build a solid IDS. His site looks like ****, but the PDF has some good info for the beginner to build an IDS, so it's worth a look.

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Re: Creating an IDS

Originally posted here by JJX
We will start with some TCP/IP books. But atm we are searching for some info about IDS. Anyone know any good references (books) on how to create an IDS? (not configuring Snort)